Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 9 Golang Critical Memory Exhaustion DoS Fix MGASA-2026-0035

mageia
Calendar Grey February 11, 2026
Dist Mageia Esm H88
Updated golang packages in Mageia resolve critical security issues across multiple CVEs, including DoS and code execution risks.
MGASA-2026-0035 - Updated golang packages fix security vulnerabilities

Summary

Description: net/http: memory exhaustion in Request.ParseForm. (CVE-2025-61726) archive/zip: denial of service when parsing arbitrary ZIP archives. (CVE-2025-61728) crypto/tls: handshake messages may be processed at the incorrect encryption level. (CVE-2025-61730) cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (CVE-2025-61731) Potential code smuggling via doc comments in cmd/cgo. (CVE-2025-61732) cmd/go: unexpected code execution when invoking toolchain. (CVE-2025-68119) crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (CVE-2025-68121)

References

- https://bugs.mageia.org/show_bug.cgi?id=35007

- https://www.openwall.com/lists/oss-security/2026/01/15/3

- https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc

- https://openwall.com/lists/oss-security/2026/01/17/2

- https://openwall.com/lists/oss-security/2026/01/17/3

- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NH2ETRY5I4475P2G36TA426YNBGAZLJM/

- https://www.openwall.com/lists/oss-security/2026/02/07/2

- https://www.cve.org/CVERecord?id=CVE-2025-61726

- https://www.cve.org/CVERecord?id=CVE-2025-61728

- https://www.cve.org/CVERecord?id=CVE-2025-61730

- https://www.cve.org/CVERecord?id=CVE-2025-61731

- https://www.cve.org/CVERecord?id=CVE-2025-61732

- https://www.cve.org/CVERecord?id=CVE-2025-68119

- https://www.cve.org/CVERecord?id=CVE-2025-68121

Topics%20covered

Topics Covered

security advisory denial of service critical code execution memory exhaustion Mageia

Resolution

SRPMS

- 9/core/golang-1.24.13-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 11 Feb 2026
URL: https://advisories.mageia.org/MGASA-2026-0035.html
Type: security
CVE: CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121

Topics%20covered

Topics Covered

security advisory denial of service critical code execution memory exhaustion Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here